From 3e397314659d36aba001aa7852f2b0a29f2b2c50 Mon Sep 17 00:00:00 2001 From: Christoph Date: Sun, 15 Mar 2026 15:42:06 +0100 Subject: [PATCH] Update.. --- host_vars/ga-al-gw.oopen.de.yml | 43 +++ host_vars/ga-gh-gw.oopen.de.yml | 52 ++-- host_vars/ga-nh-gw.oopen.de.yml | 10 - host_vars/ga-st-gw.ga.netz.yml | 43 +++ host_vars/gw-123.oopen.de.yml | 43 +++ host_vars/gw-ah.oopen.de.yml | 43 +++ host_vars/gw-akb.oopen.de.yml | 42 +++ host_vars/gw-b3.oopen.de.yml | 45 +++ host_vars/gw-blkr.oopen.de.yml | 48 ++-- host_vars/gw-campus.oopen.de.yml | 50 ++++ host_vars/gw-ckubu.local.netz.yml | 44 +++ host_vars/gw-d11.oopen.de.yml | 43 +++ host_vars/gw-dissens.oopen.de.yml | 43 +++ host_vars/gw-ebs.oopen.de.yml | 42 +++ host_vars/gw-elster.oopen.de.yml | 48 ++-- host_vars/gw-fhxb.oopen.de.yml | 43 +++ host_vars/gw-flr.oopen.de.yml | 47 ++- host_vars/gw-fm.oopen.de.yml | 51 ++-- host_vars/gw-irights.oopen.de.yml | 48 ++-- host_vars/gw-km.oopen.de.yml | 45 ++- host_vars/gw-mbr.oopen.de.yml | 364 ++++++++++++++++++++++++ host_vars/gw-opp.oopen.de.yml | 43 +++ host_vars/gw-spr.oopen.de.yml | 42 +++ host_vars/zapata.opp.netz.yml | 2 +- roles/modify-ipt-gateway/tasks/main.yml | 121 ++++---- 25 files changed, 1191 insertions(+), 254 deletions(-) create mode 100644 host_vars/gw-mbr.oopen.de.yml diff --git a/host_vars/ga-al-gw.oopen.de.yml b/host_vars/ga-al-gw.oopen.de.yml index 7ce1eaa..1771bd0 100644 --- a/host_vars/ga-al-gw.oopen.de.yml +++ b/host_vars/ga-al-gw.oopen.de.yml 
@@ -347,6 +347,49 @@ resolved_fallback_nameserver: # vars used by roles/common/tasks/cron.yml # --- +cron_user_entries: + + - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" + minute: '0-59/3' + hour: '*' + job: /root/bin/monitoring/check_forwarding.sh + + - name: "Check if nameservice (bind) is running?" + minute: '*/23' + hour: '*' + job: /root/bin/monitoring/check_dns.sh + + - name: "Check if Resolver (systemd-resolved) is up and running?" + minute: '*/23' + hour: '*' + job: bin/monitoring/check_systemd_resolved.sh + + - name: "Check if Postfix Mailservice is up and running?" + minute: '*/17' + hour: '*' + job: /root/bin/monitoring/check_postfix.sh + + - name: "Check if SSH service is up and running?" + minute: '*/13' + hour: '*' + job: /root/bin/monitoring/check_ssh.sh + + - name: "Check if OpenVPN service is up and running?" + minute: '*/29' + hour: '*' + job: /root/bin/monitoring/check_vpn.sh + + - name: "Copy gateway configuration" + minute: '09' + hour: '3' + job: /root/bin/manage-gw-config/copy_gateway-config.sh GA-AL + + - name: "Speedtest" + minute: 13 + hour: 0-8 + job: /root/bin/admin-stuff/speedtest.sh + + cron_user_special_time_entries: - name: "Restart NTP service 'ntpsec'" diff --git a/host_vars/ga-gh-gw.oopen.de.yml b/host_vars/ga-gh-gw.oopen.de.yml index 0d7c401..39e3214 100644 --- a/host_vars/ga-gh-gw.oopen.de.yml +++ b/host_vars/ga-gh-gw.oopen.de.yml 
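Review bot: The new "Check if Resolver (systemd-resolved) is up and running?" entry points at `bin/monitoring/check_systemd_resolved.sh`, a relative path, while every sibling job in the same list uses an absolute `/root/bin/...` path; a command containing a slash is not searched on PATH, so cron resolves it against the crontab owner's working directory (typically that user's home), which makes the check silently dependent on who owns the crontab and reads like a dropped `/root/` prefix. The line should read `job: /root/bin/monitoring/check_systemd_resolved.sh`, and the same relative path recurs in every other host_vars hunk of this patch (ga-gh-gw, ga-st-gw, gw-123, gw-ah, gw-akb, gw-b3, gw-blkr, gw-campus, gw-ckubu, gw-d11, gw-dissens, gw-ebs, gw-elster, gw-fhxb, gw-flr, gw-fm, gw-irights), so it is worth fixing in all of them at once. A smaller consistency point in the same hunks: the new "Speedtest" entry writes `minute: 13` and `hour: 0-8` unquoted, so `13` is loaded as an integer and only becomes a string through the cron module's coercion, whereas every neighbouring entry quotes its schedule fields; `minute: '13'` and `hour: '0-8'` would match the file's convention. The `cron_user_special_time_entries` list that follows continues past the end of the hunk.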
@@ -91,50 +91,50 @@ network_interfaces: cron_user_entries: + - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" + minute: '0-59/3' + hour: '*' + job: /root/bin/monitoring/check_forwarding.sh + + - name: "Check if nameservice (bind) is running?" + minute: '*/23' + hour: '*' + job: /root/bin/monitoring/check_dns.sh + + - name: "Check if Resolver (systemd-resolved) is up and running?" + minute: '*/23' + hour: '*' + job: bin/monitoring/check_systemd_resolved.sh + - name: "Check if Postfix Mailservice is up and running?" - minute: "*/15" + minute: '*/17' hour: '*' job: /root/bin/monitoring/check_postfix.sh - name: "Check if SSH service is up and running?" - minute: "*/15" + minute: '*/13' hour: '*' job: /root/bin/monitoring/check_ssh.sh - name: "Check if OpenVPN service is up and running?" - minute: "*/30" + minute: '*/29' hour: '*' job: /root/bin/monitoring/check_vpn.sh - - name: "Check if nameservice (bind) is running?" - minute: '*/10' - hour: '*' - job: /root/bin/monitoring/check_dns.sh - - - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" - minute: "0-59/2" - hour: '*' - job: /root/bin/monitoring/check_forwarding.sh - - name: "Copy gateway configuration" - minute: "09" - hour: "3" - job: /root/bin/manage-gw-config/copy_gateway-config.sh GA-NH + minute: '09' + hour: '3' + job: /root/bin/manage-gw-config/copy_gateway-config.sh GA-GH + + - name: "Speedtest" + minute: 13 + hour: 0-8 + job: /root/bin/admin-stuff/speedtest.sh #cron_user_special_time_entries: [] cron_user_special_time_entries: - - name: "Check if Postfix Service is running at boot time" - special_time: reboot - job: "sleep 7 ; /root/bin/monitoring/check_postfix.sh" - insertafter: PATH - - - name: "Restart Systemd's resolved at boottime." - special_time: reboot - job: "sleep 10 ; /bin/systemctl restart systemd-resolved" - insertafter: PATH - - name: "Restart NTP service 'ntpsec'" special_time: reboot job: "sleep 15 ; /bin/systemctl restart ntpsec" 
diff --git a/host_vars/ga-nh-gw.oopen.de.yml b/host_vars/ga-nh-gw.oopen.de.yml index 71d9529..d9b0fd6 100644 --- a/host_vars/ga-nh-gw.oopen.de.yml +++ b/host_vars/ga-nh-gw.oopen.de.yml @@ -139,16 +139,6 @@ cron_user_entries: #cron_user_special_time_entries: [] cron_user_special_time_entries: - - name: "Check if Postfix Service is running at boot time" - special_time: reboot - job: "sleep 7 ; /root/bin/monitoring/check_postfix.sh" - insertafter: PATH - - - name: "Restart Systemd's resolved at boottime." - special_time: reboot - job: "sleep 10 ; /bin/systemctl restart systemd-resolved" - insertafter: PATH - - name: "Restart NTP service 'ntpsec'" special_time: reboot job: "sleep 15 ; /bin/systemctl restart ntpsec" diff --git a/host_vars/ga-st-gw.ga.netz.yml b/host_vars/ga-st-gw.ga.netz.yml index 438fdfb..3cf3995 100644 --- a/host_vars/ga-st-gw.ga.netz.yml +++ b/host_vars/ga-st-gw.ga.netz.yml 
@@ -400,6 +400,49 @@ resolved_fallback_nameserver: # vars used by roles/common/tasks/cron.yml # --- +cron_user_entries: + + - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" + minute: '0-59/3' + hour: '*' + job: /root/bin/monitoring/check_forwarding.sh + + - name: "Check if nameservice (bind) is running?" + minute: '*/23' + hour: '*' + job: /root/bin/monitoring/check_dns.sh + + - name: "Check if Resolver (systemd-resolved) is up and running?" + minute: '*/23' + hour: '*' + job: bin/monitoring/check_systemd_resolved.sh + + - name: "Check if Postfix Mailservice is up and running?" + minute: '*/17' + hour: '*' + job: /root/bin/monitoring/check_postfix.sh + + - name: "Check if SSH service is up and running?" + minute: '*/13' + hour: '*' + job: /root/bin/monitoring/check_ssh.sh + + - name: "Check if OpenVPN service is up and running?" + minute: '*/29' + hour: '*' + job: /root/bin/monitoring/check_vpn.sh + + - name: "Copy gateway configuration" + minute: '09' + hour: '3' + job: /root/bin/manage-gw-config/copy_gateway-config.sh GA-Schloss + + - name: "Speedtest" + minute: 13 + hour: 0-8 + job: /root/bin/admin-stuff/speedtest.sh + + cron_user_special_time_entries: - name: "Restart NTP service 'ntpsec'" diff --git a/host_vars/gw-123.oopen.de.yml b/host_vars/gw-123.oopen.de.yml index 538069d..3683ec4 100644 --- a/host_vars/gw-123.oopen.de.yml +++ b/host_vars/gw-123.oopen.de.yml 
@@ -115,6 +115,49 @@ resolved_fallback_nameserver: # vars used by roles/common/tasks/cron.yml # --- +cron_user_entries: + + - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" + minute: '0-59/3' + hour: '*' + job: /root/bin/monitoring/check_forwarding.sh + + - name: "Check if nameservice (bind) is running?" + minute: '*/23' + hour: '*' + job: /root/bin/monitoring/check_dns.sh + + - name: "Check if Resolver (systemd-resolved) is up and running?" + minute: '*/23' + hour: '*' + job: bin/monitoring/check_systemd_resolved.sh + + - name: "Check if Postfix Mailservice is up and running?" + minute: '*/17' + hour: '*' + job: /root/bin/monitoring/check_postfix.sh + + - name: "Check if SSH service is up and running?" + minute: '*/13' + hour: '*' + job: /root/bin/monitoring/check_ssh.sh + + - name: "Check if OpenVPN service is up and running?" + minute: '*/29' + hour: '*' + job: /root/bin/monitoring/check_vpn.sh + + - name: "Copy gateway configuration" + minute: '09' + hour: '3' + job: /root/bin/manage-gw-config/copy_gateway-config.sh 123 + + - name: "Speedtest" + minute: 13 + hour: 0-8 + job: /root/bin/admin-stuff/speedtest.sh + + cron_user_special_time_entries: - name: "Restart NTP service 'ntpsec'" diff --git a/host_vars/gw-ah.oopen.de.yml b/host_vars/gw-ah.oopen.de.yml index edd60ca..a5d700f 100644 --- a/host_vars/gw-ah.oopen.de.yml +++ b/host_vars/gw-ah.oopen.de.yml 
@@ -110,6 +110,49 @@ resolved_fallback_nameserver: # vars used by roles/common/tasks/cron.yml # --- +cron_user_entries: + + - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" + minute: '0-59/3' + hour: '*' + job: /root/bin/monitoring/check_forwarding.sh + + - name: "Check if nameservice (bind) is running?" + minute: '*/23' + hour: '*' + job: /root/bin/monitoring/check_dns.sh + + - name: "Check if Resolver (systemd-resolved) is up and running?" + minute: '*/23' + hour: '*' + job: bin/monitoring/check_systemd_resolved.sh + + - name: "Check if Postfix Mailservice is up and running?" + minute: '*/17' + hour: '*' + job: /root/bin/monitoring/check_postfix.sh + + - name: "Check if SSH service is up and running?" + minute: '*/13' + hour: '*' + job: /root/bin/monitoring/check_ssh.sh + + - name: "Check if OpenVPN service is up and running?" + minute: '*/29' + hour: '*' + job: /root/bin/monitoring/check_vpn.sh + + - name: "Copy gateway configuration" + minute: '09' + hour: '3' + job: /root/bin/manage-gw-config/copy_gateway-config.sh Kanzlei-Kiel + + - name: "Speedtest" + minute: 13 + hour: 0-8 + job: /root/bin/admin-stuff/speedtest.sh + + cron_user_special_time_entries: - name: "Restart NTP service 'ntpsec'" diff --git a/host_vars/gw-akb.oopen.de.yml b/host_vars/gw-akb.oopen.de.yml index 5e1d84e..7d22be2 100644 --- a/host_vars/gw-akb.oopen.de.yml +++ b/host_vars/gw-akb.oopen.de.yml 
@@ -115,6 +115,48 @@ resolved_fallback_nameserver: # vars used by roles/common/tasks/cron.yml # --- +cron_user_entries: + + - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" + minute: '0-59/3' + hour: '*' + job: /root/bin/monitoring/check_forwarding.sh + + - name: "Check if nameservice (bind) is running?" + minute: '*/23' + hour: '*' + job: /root/bin/monitoring/check_dns.sh + + - name: "Check if Resolver (systemd-resolved) is up and running?" + minute: '*/23' + hour: '*' + job: bin/monitoring/check_systemd_resolved.sh + + - name: "Check if Postfix Mailservice is up and running?" + minute: '*/17' + hour: '*' + job: /root/bin/monitoring/check_postfix.sh + + - name: "Check if SSH service is up and running?" + minute: '*/13' + hour: '*' + job: /root/bin/monitoring/check_ssh.sh + + - name: "Check if OpenVPN service is up and running?" + minute: '*/29' + hour: '*' + job: /root/bin/monitoring/check_vpn.sh + + - name: "Copy gateway configuration" + minute: '09' + hour: '3' + job: /root/bin/manage-gw-config/copy_gateway-config.sh AKB + + - name: "Speedtest" + minute: 13 + hour: 0-8 + job: /root/bin/admin-stuff/speedtest.sh + cron_user_special_time_entries: - name: "Restart NTP service 'ntpsec'" diff --git a/host_vars/gw-b3.oopen.de.yml b/host_vars/gw-b3.oopen.de.yml index 2b5f2de..9607b39 100644 --- a/host_vars/gw-b3.oopen.de.yml +++ b/host_vars/gw-b3.oopen.de.yml 
@@ -115,6 +115,49 @@ resolved_fallback_nameserver: # vars used by roles/common/tasks/cron.yml # --- +cron_user_entries: + + - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" + minute: '0-59/3' + hour: '*' + job: /root/bin/monitoring/check_forwarding.sh + + - name: "Check if nameservice (bind) is running?" + minute: '*/23' + hour: '*' + job: /root/bin/monitoring/check_dns.sh + + - name: "Check if Resolver (systemd-resolved) is up and running?" + minute: '*/23' + hour: '*' + job: bin/monitoring/check_systemd_resolved.sh + + - name: "Check if Postfix Mailservice is up and running?" + minute: '*/17' + hour: '*' + job: /root/bin/monitoring/check_postfix.sh + + - name: "Check if SSH service is up and running?" + minute: '*/13' + hour: '*' + job: /root/bin/monitoring/check_ssh.sh + + - name: "Check if OpenVPN service is up and running?" + minute: '*/29' + hour: '*' + job: /root/bin/monitoring/check_vpn.sh + + - name: "Copy gateway configuration" + minute: '09' + hour: '3' + job: /root/bin/manage-gw-config/copy_gateway-config.sh B3 + + - name: "Speedtest" + minute: 13 + hour: 0-8 + job: /root/bin/admin-stuff/speedtest.sh + + cron_user_special_time_entries: - name: "Restart NTP service 'ntpsec'" @@ -123,6 +166,8 @@ cron_user_special_time_entries: insertafter: PATH + + # --- # vars used by roles/common/tasks/users.yml # --- diff --git a/host_vars/gw-blkr.oopen.de.yml b/host_vars/gw-blkr.oopen.de.yml index cb5714d..bd5f954 100644 --- a/host_vars/gw-blkr.oopen.de.yml +++ b/host_vars/gw-blkr.oopen.de.yml 
@@ -83,55 +83,49 @@ network_interfaces: cron_user_entries: - - name: "Check if Postfix Mailservice is up and running?" - minute: '*/15' + - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" + minute: '0-59/3' hour: '*' - job: /root/bin/monitoring/check_postfix.sh + job: /root/bin/monitoring/check_forwarding.sh - - name: "Check Postfix E-Mail LOG file for 'fatal' errors" - minute: '17' + - name: "Check if nameservice (bind) is running?" + minute: '*/23' + hour: '*' + job: /root/bin/monitoring/check_dns.sh + + - name: "Check if Resolver (systemd-resolved) is up and running?" + minute: '*/23' + hour: '*' + job: bin/monitoring/check_systemd_resolved.sh + + - name: "Check if Postfix Mailservice is up and running?" + minute: '*/17' hour: '*' job: /root/bin/monitoring/check_postfix.sh - name: "Check if SSH service is up and running?" - minute: '*/15' + minute: '*/13' hour: '*' job: /root/bin/monitoring/check_ssh.sh - name: "Check if OpenVPN service is up and running?" - minute: '*/30' + minute: '*/29' hour: '*' job: /root/bin/monitoring/check_vpn.sh - - name: "Check if nameservice (bind) is running?" - minute: '*/10' - hour: '*' - job: /root/bin/monitoring/check_dns.sh - - - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" - minute: '0-59/2' - hour: '*' - job: /root/bin/monitoring/check_forwarding.sh - - name: "Copy gateway configuration" minute: '09' hour: '3' job: /root/bin/manage-gw-config/copy_gateway-config.sh BLKR + - name: "Speedtest" + minute: 13 + hour: 0-8 + job: /root/bin/admin-stuff/speedtest.sh #cron_user_special_time_entries: [] cron_user_special_time_entries: - - name: "Check if Postfix Service is running at boot time" - special_time: reboot - job: "sleep 7 ; /root/bin/monitoring/check_postfix.sh" - insertafter: PATH - - - name: "Restart Systemd's resolved at boottime." 
- special_time: reboot - job: "sleep 10 ; /bin/systemctl restart systemd-resolved" - insertafter: PATH - - name: "Restart NTP service 'ntpsec'" special_time: reboot job: "sleep 15 ; /bin/systemctl restart ntpsec" diff --git a/host_vars/gw-campus.oopen.de.yml b/host_vars/gw-campus.oopen.de.yml index 790783a..eacddf8 100644 --- a/host_vars/gw-campus.oopen.de.yml +++ b/host_vars/gw-campus.oopen.de.yml @@ -129,6 +129,56 @@ network_interfaces: # vars used by roles/common/tasks/cron.yml # --- +cron_user_entries: + + - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" + minute: '0-59/3' + hour: '*' + job: /root/bin/monitoring/check_forwarding.sh + + - name: "Check if nameservice (bind) is running?" + minute: '*/23' + hour: '*' + job: /root/bin/monitoring/check_dns.sh + + - name: "Check if Resolver (systemd-resolved) is up and running?" + minute: '*/23' + hour: '*' + job: bin/monitoring/check_systemd_resolved.sh + + - name: "Check if Postfix Mailservice is up and running?" + minute: '*/17' + hour: '*' + job: /root/bin/monitoring/check_postfix.sh + + - name: "Check if SSH service is up and running?" + minute: '*/13' + hour: '*' + job: /root/bin/monitoring/check_ssh.sh + + - name: "Check if OpenVPN service is up and running?" + minute: '*/29' + hour: '*' + job: /root/bin/monitoring/check_vpn.sh + + - name: "Copy gateway configuration" + minute: '09' + hour: '3' + job: /root/bin/manage-gw-config/copy_gateway-config.sh CAMPUS + + - name: "Speedtest" + minute: 13 + hour: 0-8 + job: /root/bin/admin-stuff/speedtest.sh + + +cron_user_special_time_entries: + + - name: "Restart NTP service 'ntpsec'" + special_time: reboot + job: "sleep 15 ; /bin/systemctl restart ntpsec" + insertafter: PATH + # --- # vars used by roles/common/tasks/sshd.yml diff --git a/host_vars/gw-ckubu.local.netz.yml b/host_vars/gw-ckubu.local.netz.yml index 9d63b6e..4b6cc2e 100644 --- a/host_vars/gw-ckubu.local.netz.yml +++ b/host_vars/gw-ckubu.local.netz.yml 
@@ -106,6 +106,50 @@ resolved_fallback_nameserver: # vars used by roles/common/tasks/cron.yml # --- +cron_user_entries: + + - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" + minute: '0-59/3' + hour: '*' + job: /root/bin/monitoring/check_forwarding.sh + + - name: "Check if nameservice (bind) is running?" + minute: '*/23' + hour: '*' + job: /root/bin/monitoring/check_dns.sh + + - name: "Check if Resolver (systemd-resolved) is up and running?" + minute: '*/23' + hour: '*' + job: bin/monitoring/check_systemd_resolved.sh + + - name: "Check if Postfix Mailservice is up and running?" + minute: '*/17' + hour: '*' + job: /root/bin/monitoring/check_postfix.sh + + - name: "Check if SSH service is up and running?" + minute: '*/13' + hour: '*' + job: /root/bin/monitoring/check_ssh.sh + + - name: "Check if OpenVPN service is up and running?" + minute: '*/29' + hour: '*' + job: /root/bin/monitoring/check_vpn.sh + + - name: "Copy gateway configuration" + minute: '09' + hour: '3' + job: /root/bin/manage-gw-config/copy_gateway-config.sh CKUBU + + - name: "Speedtest" + minute: 13 + hour: 0-8 + job: /root/bin/admin-stuff/speedtest.sh + + + cron_user_special_time_entries: - name: "Restart NTP service 'ntpsec'" diff --git a/host_vars/gw-d11.oopen.de.yml b/host_vars/gw-d11.oopen.de.yml index 6ca8d9c..320f903 100644 --- a/host_vars/gw-d11.oopen.de.yml +++ b/host_vars/gw-d11.oopen.de.yml 
@@ -115,6 +115,49 @@ resolved_fallback_nameserver: # vars used by roles/common/tasks/cron.yml # --- +cron_user_entries: + + - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" + minute: '0-59/3' + hour: '*' + job: /root/bin/monitoring/check_forwarding.sh + + - name: "Check if nameservice (bind) is running?" + minute: '*/23' + hour: '*' + job: /root/bin/monitoring/check_dns.sh + + - name: "Check if Resolver (systemd-resolved) is up and running?" + minute: '*/23' + hour: '*' + job: bin/monitoring/check_systemd_resolved.sh + + - name: "Check if Postfix Mailservice is up and running?" + minute: '*/17' + hour: '*' + job: /root/bin/monitoring/check_postfix.sh + + - name: "Check if SSH service is up and running?" + minute: '*/13' + hour: '*' + job: /root/bin/monitoring/check_ssh.sh + + - name: "Check if OpenVPN service is up and running?" + minute: '*/29' + hour: '*' + job: /root/bin/monitoring/check_vpn.sh + + - name: "Copy gateway configuration" + minute: '09' + hour: '3' + job: /root/bin/manage-gw-config/copy_gateway-config.sh WF + + - name: "Speedtest" + minute: 13 + hour: 0-8 + job: /root/bin/admin-stuff/speedtest.sh + + cron_user_special_time_entries: - name: "Restart NTP service 'ntpsec'" diff --git a/host_vars/gw-dissens.oopen.de.yml b/host_vars/gw-dissens.oopen.de.yml index 41b3cb7..3ed5895 100644 --- a/host_vars/gw-dissens.oopen.de.yml +++ b/host_vars/gw-dissens.oopen.de.yml 
@@ -203,6 +203,49 @@ resolved_fallback_nameserver: # vars used by roles/common/tasks/cron.yml # --- +cron_user_entries: + + - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" + minute: '0-59/3' + hour: '*' + job: /root/bin/monitoring/check_forwarding.sh + + - name: "Check if nameservice (bind) is running?" + minute: '*/23' + hour: '*' + job: /root/bin/monitoring/check_dns.sh + + - name: "Check if Resolver (systemd-resolved) is up and running?" + minute: '*/23' + hour: '*' + job: bin/monitoring/check_systemd_resolved.sh + + - name: "Check if Postfix Mailservice is up and running?" + minute: '*/17' + hour: '*' + job: /root/bin/monitoring/check_postfix.sh + + - name: "Check if SSH service is up and running?" + minute: '*/13' + hour: '*' + job: /root/bin/monitoring/check_ssh.sh + + - name: "Check if OpenVPN service is up and running?" + minute: '*/29' + hour: '*' + job: /root/bin/monitoring/check_vpn.sh + + - name: "Copy gateway configuration" + minute: '09' + hour: '3' + job: /root/bin/manage-gw-config/copy_gateway-config.sh DISSENS + + - name: "Speedtest" + minute: 13 + hour: 0-8 + job: /root/bin/admin-stuff/speedtest.sh + + cron_user_special_time_entries: - name: "Restart NTP service 'ntpsec'" diff --git a/host_vars/gw-ebs.oopen.de.yml b/host_vars/gw-ebs.oopen.de.yml index 9293bf6..a806161 100644 --- a/host_vars/gw-ebs.oopen.de.yml +++ b/host_vars/gw-ebs.oopen.de.yml 
@@ -156,6 +156,48 @@ resolved_fallback_nameserver: # vars used by roles/common/tasks/cron.yml # --- +cron_user_entries: + + - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" + minute: '0-59/3' + hour: '*' + job: /root/bin/monitoring/check_forwarding.sh + + - name: "Check if nameservice (bind) is running?" + minute: '*/23' + hour: '*' + job: /root/bin/monitoring/check_dns.sh + + - name: "Check if Resolver (systemd-resolved) is up and running?" + minute: '*/23' + hour: '*' + job: bin/monitoring/check_systemd_resolved.sh + + - name: "Check if Postfix Mailservice is up and running?" + minute: '*/17' + hour: '*' + job: /root/bin/monitoring/check_postfix.sh + + - name: "Check if SSH service is up and running?" + minute: '*/13' + hour: '*' + job: /root/bin/monitoring/check_ssh.sh + + - name: "Check if OpenVPN service is up and running?" + minute: '*/29' + hour: '*' + job: /root/bin/monitoring/check_vpn.sh + + - name: "Copy gateway configuration" + minute: '09' + hour: '3' + job: /root/bin/manage-gw-config/copy_gateway-config.sh EBS + + - name: "Speedtest" + minute: 13 + hour: 0-8 + job: /root/bin/admin-stuff/speedtest.sh + cron_user_special_time_entries: - name: "Restart NTP service 'ntpsec'" diff --git a/host_vars/gw-elster.oopen.de.yml b/host_vars/gw-elster.oopen.de.yml index 40642d6..04975c8 100644 --- a/host_vars/gw-elster.oopen.de.yml +++ b/host_vars/gw-elster.oopen.de.yml 
@@ -83,50 +83,50 @@ network_interfaces: cron_user_entries: + - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" + minute: '0-59/3' + hour: '*' + job: /root/bin/monitoring/check_forwarding.sh + + - name: "Check if nameservice (bind) is running?" + minute: '*/23' + hour: '*' + job: /root/bin/monitoring/check_dns.sh + + - name: "Check if Resolver (systemd-resolved) is up and running?" + minute: '*/23' + hour: '*' + job: bin/monitoring/check_systemd_resolved.sh + - name: "Check if Postfix Mailservice is up and running?" - minute: '*/15' + minute: '*/17' hour: '*' job: /root/bin/monitoring/check_postfix.sh - name: "Check if SSH service is up and running?" - minute: '*/15' + minute: '*/13' hour: '*' job: /root/bin/monitoring/check_ssh.sh - name: "Check if OpenVPN service is up and running?" - minute: '*/30' + minute: '*/29' hour: '*' job: /root/bin/monitoring/check_vpn.sh - - name: "Check if nameservice (bind) is running?" - minute: '*/10' - hour: '*' - job: /root/bin/monitoring/check_dns.sh - - - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" - minute: '0-59/2' - hour: '*' - job: /root/bin/monitoring/check_forwarding.sh - - name: "Copy gateway configuration" minute: '09' hour: '3' - job: /root/bin/manage-gw-config/copy_gateway-config.sh ELSTER + job: /root/bin/manage-gw-config/copy_gateway-config.sh Elster + + - name: "Speedtest" + minute: 13 + hour: 0-8 + job: /root/bin/admin-stuff/speedtest.sh #cron_user_special_time_entries: [] cron_user_special_time_entries: - - name: "Check if Postfix Service is running at boot time" - special_time: reboot - job: "sleep 7 ; /root/bin/monitoring/check_postfix.sh" - insertafter: PATH - - - name: "Restart Systemd's resolved at boottime." - special_time: reboot - job: "sleep 10 ; /bin/systemctl restart systemd-resolved" - insertafter: PATH - - name: "Restart NTP service 'ntpsec'" special_time: reboot job: "sleep 15 ; /bin/systemctl restart ntpsec" 
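Review bot: The "Copy gateway configuration" entry changes the argument passed to copy_gateway-config.sh from `ELSTER` to `Elster`, and nothing in this patch shows whether that tag is case-sensitive on the receiving side; the other hosts in the series mostly use upper-case tags (BLKR, FM, FLR-BRB, AKB), with a few mixed-case ones (Kanzlei-Kiel, GA-Schloss, iRights). If the script uses the tag as a directory or file name, this rename would start delivering the nightly copy to a new location while leaving the old one stale, so please confirm the change is deliberate rather than an accidental retyping. A short comment above the entry, such as `# site tag passed to copy_gateway-config.sh — keep in sync with the receiving side`, would make the convention explicit for the other host_vars files as well.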
diff --git a/host_vars/gw-fhxb.oopen.de.yml b/host_vars/gw-fhxb.oopen.de.yml index a6ff75d..1e22ce1 100644 --- a/host_vars/gw-fhxb.oopen.de.yml +++ b/host_vars/gw-fhxb.oopen.de.yml @@ -160,6 +160,49 @@ resolved_fallback_nameserver: # vars used by roles/common/tasks/cron.yml # --- +cron_user_entries: + + - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" + minute: '0-59/3' + hour: '*' + job: /root/bin/monitoring/check_forwarding.sh + + - name: "Check if nameservice (bind) is running?" + minute: '*/23' + hour: '*' + job: /root/bin/monitoring/check_dns.sh + + - name: "Check if Resolver (systemd-resolved) is up and running?" + minute: '*/23' + hour: '*' + job: bin/monitoring/check_systemd_resolved.sh + + - name: "Check if Postfix Mailservice is up and running?" + minute: '*/17' + hour: '*' + job: /root/bin/monitoring/check_postfix.sh + + - name: "Check if SSH service is up and running?" + minute: '*/13' + hour: '*' + job: /root/bin/monitoring/check_ssh.sh + + - name: "Check if OpenVPN service is up and running?" + minute: '*/29' + hour: '*' + job: /root/bin/monitoring/check_vpn.sh + + - name: "Copy gateway configuration" + minute: '09' + hour: '3' + job: /root/bin/manage-gw-config/copy_gateway-config.sh FHXB + + - name: "Speedtest" + minute: 13 + hour: 0-8 + job: /root/bin/admin-stuff/speedtest.sh + + cron_user_special_time_entries: - name: "Restart NTP service 'ntpsec'" diff --git a/host_vars/gw-flr.oopen.de.yml b/host_vars/gw-flr.oopen.de.yml index dfefe94..73e1d41 100644 --- a/host_vars/gw-flr.oopen.de.yml +++ b/host_vars/gw-flr.oopen.de.yml 
@@ -79,53 +79,52 @@ network_interfaces: # --- # vars used by roles/common/tasks/cron.yml # --- - cron_user_entries: + - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" + minute: '0-59/3' + hour: '*' + job: /root/bin/monitoring/check_forwarding.sh + + - name: "Check if nameservice (bind) is running?" + minute: '*/23' + hour: '*' + job: /root/bin/monitoring/check_dns.sh + + - name: "Check if Resolver (systemd-resolved) is up and running?" + minute: '*/23' + hour: '*' + job: bin/monitoring/check_systemd_resolved.sh + - name: "Check if Postfix Mailservice is up and running?" - minute: '*/15' + minute: '*/17' hour: '*' job: /root/bin/monitoring/check_postfix.sh - name: "Check if SSH service is up and running?" - minute: '*/15' + minute: '*/13' hour: '*' job: /root/bin/monitoring/check_ssh.sh - name: "Check if OpenVPN service is up and running?" - minute: '*/30' + minute: '*/29' hour: '*' job: /root/bin/monitoring/check_vpn.sh - - name: "Check if nameservice (bind) is running?" - minute: '*/10' - hour: '*' - job: /root/bin/monitoring/check_dns.sh - - - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" - minute: '0-59/2' - hour: '*' - job: /root/bin/monitoring/check_forwarding.sh - - name: "Copy gateway configuration" minute: '09' hour: '3' job: /root/bin/manage-gw-config/copy_gateway-config.sh FLR-BRB + - name: "Speedtest" + minute: 13 + hour: 0-8 + job: /root/bin/admin-stuff/speedtest.sh + #cron_user_special_time_entries: [] cron_user_special_time_entries: - - name: "Check if Postfix Service is running at boot time" - special_time: reboot - job: "sleep 7 ; /root/bin/monitoring/check_postfix.sh" - insertafter: PATH - - - name: "Restart Systemd's resolved at boottime." - special_time: reboot - job: "sleep 10 ; /bin/systemctl restart systemd-resolved" - insertafter: PATH - - name: "Restart NTP service 'ntpsec'" special_time: reboot job: "sleep 15 ; /bin/systemctl restart ntpsec" 
diff --git a/host_vars/gw-fm.oopen.de.yml b/host_vars/gw-fm.oopen.de.yml index fb3463e..a10ab2b 100644 --- a/host_vars/gw-fm.oopen.de.yml +++ b/host_vars/gw-fm.oopen.de.yml 
@@ -180,54 +180,49 @@ resolved_fallback_nameserver: cron_user_entries: + - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" + minute: '0-59/3' + hour: '*' + job: /root/bin/monitoring/check_forwarding.sh + + - name: "Check if nameservice (bind) is running?" + minute: '*/23' + hour: '*' + job: /root/bin/monitoring/check_dns.sh + + - name: "Check if Resolver (systemd-resolved) is up and running?" + minute: '*/23' + hour: '*' + job: bin/monitoring/check_systemd_resolved.sh + - name: "Check if Postfix Mailservice is up and running?" - minute: '*/15' + minute: '*/17' hour: '*' job: /root/bin/monitoring/check_postfix.sh - name: "Check if SSH service is up and running?" - minute: '*/15' + minute: '*/13' hour: '*' job: /root/bin/monitoring/check_ssh.sh - name: "Check if OpenVPN service is up and running?" - minute: '*/30' + minute: '*/29' hour: '*' job: /root/bin/monitoring/check_vpn.sh - - name: "Check if nameservice (bind) is running?" - minute: '*/10' - hour: '*' - job: /root/bin/monitoring/check_dns.sh - - - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" - minute: '0-59/2' - hour: '*' - job: /root/bin/monitoring/check_forwarding.sh - -# - name: "Speedtest" -# minute: '17' -# hour: '*0-8' -# job: /root/bin/admin-stuff/speedtest.sh - - name: "Copy gateway configuration" minute: '09' hour: '3' job: /root/bin/manage-gw-config/copy_gateway-config.sh FM + - name: "Speedtest" + minute: 13 + hour: 0-8 + job: /root/bin/admin-stuff/speedtest.sh + cron_user_special_time_entries: - - name: "Check if Postfix Service is running at boot time" - special_time: reboot - job: "sleep 7 ; /root/bin/monitoring/check_postfix.sh" - insertafter: PATH - - - name: "Restart Systemd's resolved at boottime." - special_time: reboot - job: "sleep 10 ; /bin/systemctl restart systemd-resolved" - insertafter: PATH - - name: "Restart NTP service 'ntpsec'" special_time: reboot job: "sleep 15 ; /bin/systemctl restart ntpsec" 
diff --git a/host_vars/gw-irights.oopen.de.yml b/host_vars/gw-irights.oopen.de.yml index 3bc37fa..ef6c71a 100644 --- a/host_vars/gw-irights.oopen.de.yml +++ b/host_vars/gw-irights.oopen.de.yml 
@@ -78,50 +78,50 @@ network_interfaces: cron_user_entries: + - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" + minute: '0-59/3' + hour: '*' + job: /root/bin/monitoring/check_forwarding.sh + + - name: "Check if nameservice (bind) is running?" + minute: '*/23' + hour: '*' + job: /root/bin/monitoring/check_dns.sh + + - name: "Check if Resolver (systemd-resolved) is up and running?" + minute: '*/23' + hour: '*' + job: bin/monitoring/check_systemd_resolved.sh + - name: "Check if Postfix Mailservice is up and running?" - minute: '*/15' + minute: '*/17' hour: '*' job: /root/bin/monitoring/check_postfix.sh - name: "Check if SSH service is up and running?" - minute: '*/15' + minute: '*/13' hour: '*' job: /root/bin/monitoring/check_ssh.sh - name: "Check if OpenVPN service is up and running?" - minute: '*/30' + minute: '*/29' hour: '*' job: /root/bin/monitoring/check_vpn.sh - - name: "Check if nameservice (bind) is running?" - minute: '*/10' - hour: '*' - job: /root/bin/monitoring/check_dns.sh - - - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" - minute: '0-59/2' - hour: '*' - job: /root/bin/monitoring/check_forwarding.sh - - name: "Copy gateway configuration" minute: '09' hour: '3' - job: /root/bin/manage-gw-config/copy_gateway-config.sh FLR-BRB + job: /root/bin/manage-gw-config/copy_gateway-config.sh iRights + + - name: "Speedtest" + minute: 13 + hour: 0-8 + job: /root/bin/admin-stuff/speedtest.sh #cron_user_special_time_entries: [] cron_user_special_time_entries: - - name: "Check if Postfix Service is running at boot time" - special_time: reboot - job: "sleep 7 ; /root/bin/monitoring/check_postfix.sh" - insertafter: PATH - - - name: "Restart Systemd's resolved at boottime." - special_time: reboot - job: "sleep 10 ; /bin/systemctl restart systemd-resolved" - insertafter: PATH - - name: "Restart NTP service 'ntpsec'" special_time: reboot job: "sleep 15 ; /bin/systemctl restart ntpsec" 
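Review bot: The new `Check if Resolver (systemd-resolved) is up and running?` entry uses `job: bin/monitoring/check_systemd_resolved.sh`, a relative path, while every other job in `cron_user_entries` is anchored under `/root/bin/`. It only works for as long as cron happens to start the job in root's home directory, and a failure would show up as nothing more than a cron error mail (if MAILTO is configured), i.e. the resolver check could silently stop running. Use the absolute path, `job: /root/bin/monitoring/check_systemd_resolved.sh`, as the other entries do.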
diff --git a/host_vars/gw-km.oopen.de.yml b/host_vars/gw-km.oopen.de.yml index 4a2e11c..d3d3827 100644 --- a/host_vars/gw-km.oopen.de.yml +++ b/host_vars/gw-km.oopen.de.yml 
@@ -69,50 +69,49 @@ network_interfaces: cron_user_entries: + - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" + minute: '0-59/3' + hour: '*' + job: /root/bin/monitoring/check_forwarding.sh + + - name: "Check if nameservice (bind) is running?" + minute: '*/23' + hour: '*' + job: /root/bin/monitoring/check_dns.sh + + - name: "Check if Resolver (systemd-resolved) is up and running?" + minute: '*/23' + hour: '*' + job: bin/monitoring/check_systemd_resolved.sh + - name: "Check if Postfix Mailservice is up and running?" - minute: '*/15' + minute: '*/17' hour: '*' job: /root/bin/monitoring/check_postfix.sh - name: "Check if SSH service is up and running?" - minute: '*/15' + minute: '*/13' hour: '*' job: /root/bin/monitoring/check_ssh.sh - name: "Check if OpenVPN service is up and running?" - minute: '*/30' + minute: '*/29' hour: '*' job: /root/bin/monitoring/check_vpn.sh - - name: "Check if nameservice (bind) is running?" - minute: '*/10' - hour: '*' - job: /root/bin/monitoring/check_dns.sh - - - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" - minute: '0-59/2' - hour: '*' - job: /root/bin/monitoring/check_forwarding.sh - - name: "Copy gateway configuration" minute: '09' hour: '3' job: /root/bin/manage-gw-config/copy_gateway-config.sh ANW-KM + - name: "Speedtest" + minute: 13 + hour: 0-8 + job: /root/bin/admin-stuff/speedtest.sh #cron_user_special_time_entries: [] cron_user_special_time_entries: - - name: "Check if Postfix Service is running at boot time" - special_time: reboot - job: "sleep 7 ; /root/bin/monitoring/check_postfix.sh" - insertafter: PATH - - - name: "Restart Systemd's resolved at boottime." - special_time: reboot - job: "sleep 10 ; /bin/systemctl restart systemd-resolved" - insertafter: PATH - - name: "Restart NTP service 'ntpsec'" special_time: reboot job: "sleep 15 ; /bin/systemctl restart ntpsec" 
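Review bot: Removing `Check if Postfix Service is running at boot time` and `Restart Systemd's resolved at boottime.` from `cron_user_special_time_entries` takes them out of the vars, but unless roles/common/tasks/cron.yml (not in this diff) purges entries it no longer knows about, Ansible's `cron` module leaves the existing `@reboot` lines in root's crontab on hosts that were already provisioned. If the intent is to retire them, keep them listed with an explicit removal — e.g. `- name: "Restart Systemd's resolved at boottime."`, `special_time: reboot`, `state: absent` — assuming the role forwards a `state` key, or otherwise document that the crontab is regenerated wholesale. The same applies to the other host files in this commit where these two entries are dropped.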
diff --git a/host_vars/gw-mbr.oopen.de.yml b/host_vars/gw-mbr.oopen.de.yml new file mode 100644 index 0000000..60ce254 --- /dev/null +++ b/host_vars/gw-mbr.oopen.de.yml 
@@ -0,0 +1,364 @@ +--- + +# --- +# vars used by roles/network_interfaces +# --- + + +# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted +network_manage_devices: True + +# Should the interfaces be reloaded after config change? +network_interface_reload: False + +network_interface_path: /etc/network/interfaces.d +network_interface_required_packages: + - vlan + - bridge-utils + - ifmetric + - ifupdown + - ifenslave + +network_interfaces: + + - device: enp0s20f0 + headline: enp0s20f0 - Uplink DSL via Fritz!Box + auto: true + family: inet + method: static + address: 172.16.112.1/24 + gateway: 172.16.112.254 + + + - device: enp0s20f1 + headline: enp0s20f1 - LAN + auto: true + family: inet + method: static + address: 192.168.112.254/24 + + + - device: enp0s20f1:ns + headline: enp0s20f1:ns - Alias on enp0s20f1 (Nameserver) + auto: true + family: inet + method: static + address: 192.168.112.1/32 + + + - device: enp0s20f1:wlan + headline: enp0s20f1:ns - Alias on enp0s20f1 (WLAN) + auto: false + family: inet + method: static + address: 192.168.113.254/24 + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/ansible_user +# --- + + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + +sshd_hostkeyalgorithms: + - ssh-ed25519 + - ssh-ed25519-cert-v01@openssh.com + - rsa-sha2-256 + - rsa-sha2-512 + - ecdsa-sha2-nistp256 + - rsa-sha2-256-cert-v01@openssh.com + - rsa-sha2-512-cert-v01@openssh.com + + +# --- +# vars used by roles/common/tasks/apt.yml +# --- + + +# --- +# vars used by roles/common/tasks/users +# --- + +default_user: + + - name: chris + password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912 + shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D 
root@sol' + + - name: sysadm + user_id: 1050 + group_id: 1050 + group: sysadm + password: $y$j9T$sHxqz7NyYdn38ZegSbewO.$PPHR0n.XeMcS3AQ9KybllBT.2hxpYlQ7AiVhxHgUOX8 + shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + + - name: localadmin + user_id: 1051 + group_id: 1051 + group: localadmin + home: /home/localadmin + password: $y$j9T$1WH8G2UkuN1jjp4QLuoeC0$dXpOnJUfMMAqAXlwN8XD0pq78r.a4UZOgt3LY4afxy/ + shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + + - name: back + user_id: 1060 + group_id: 1060 + group: back + password: $y$j9T$WmitGB98lhPLJ39Iy4YfH.$irv0LP1bB5ImQKBUr1acEif6Ed6zDu6gLQuGQd/i5s0 + shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQMCGCyIvs5hoNDoTIkKvKmEbxLf+uCYI1vx//ZQYY root@o26-backup' + + +# --- +# vars used by roles/common/tasks/systemd-resolved.yml +# --- + +systemd_resolved: true + +# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie +# Primäre DNS-Adresse: 38.132.106.139 +# Sekundäre DNS-Adresse: 194.187.251.67 +# +# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen +# primäre DNS-Adresse +# IPv4: 1.1.1.1 +# IPv6: 2606:4700:4700::1111 +# sekundäre DNS-Adresse +# IPv4: 1.0.0.1 +# IPv6: 2606:4700:4700::1001 +# +# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit +# primäre 
DNS-Adresse +# IPv4: 8.8.8.8 +# IPv6: 2001:4860:4860::8888 +# sekundäre DNS-Adresse +# IPv4: 8.8.4.4 +# IPv6: 2001:4860:4860::8844 +# +# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug +# primäre DNS-Adresse +# IPv4: 9.9.9.9 +# IPv6: 2620:fe::fe +# sekundäre DNS-Adresse +# IPv4: 149.112.112.112 +# IPv6: 2620:fe::9 +# +# OpenNIC - https://www.opennic.org/ +# IPv4: 195.10.195.195 - ns31.de +# IPv4: 94.16.114.254 - ns28.de +# IPv4: 51.254.162.59 - ns9.de +# IPv4: 194.36.144.87 - ns29.de +# IPv6: 2a00:f826:8:2::195 - ns31.de +# +# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS) +# IPv4: 5.1.66.255 +# IPv6: 2001:678:e68:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# IPv4: 185.150.99.255 +# IPv6: 2001:678:ed0:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb) +resolved_nameserver: + - 127.0.0.1 + +# search domains +# +# If there are more than one search domains, then specify them here in the order in which +# the resolver should also search them +# +#resolved_domains: [] +resolved_domains: + - ~. + - mbr-bln.netz + +resolved_dnssec: false + +# dns.as250.net: 194.150.168.168 +# +resolved_fallback_nameserver: + - 194.150.168.168 + + +# --- +# vars used by roles/common/tasks/cron.yml +# --- + +cron_user_entries: + + - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" + minute: '0-59/3' + hour: '*' + job: /root/bin/monitoring/check_forwarding.sh + + - name: "Check if nameservice (bind) is running?" + minute: '*/23' + hour: '*' + job: /root/bin/monitoring/check_dns.sh + + - name: "Check if Resolver (systemd-resolved) is up and running?" + minute: '*/23' + hour: '*' + job: bin/monitoring/check_systemd_resolved.sh + + - name: "Check if Postfix Mailservice is up and running?" + minute: '*/17' + hour: '*' + job: /root/bin/monitoring/check_postfix.sh + + - name: "Check if SSH service is up and running?" 
+ minute: '*/13' + hour: '*' + job: /root/bin/monitoring/check_ssh.sh + + - name: "Check if OpenVPN service is up and running?" + minute: '*/29' + hour: '*' + job: /root/bin/monitoring/check_vpn.sh + + - name: "Copy gateway configuration" + minute: '09' + hour: '3' + job: /root/bin/manage-gw-config/copy_gateway-config.sh MBR + + - name: "Speedtest" + minute: 13 + hour: 0-8 + job: /root/bin/admin-stuff/speedtest.sh + + +cron_user_special_time_entries: + + - name: "Restart NTP service 'ntpsec'" + special_time: reboot + job: "sleep 15 ; /bin/systemctl restart ntpsec" + insertafter: PATH + + +# --- +# vars used by roles/common/tasks/users.yml +# --- + +insert_ssh_keypair_backup_server: false +ssh_keypair_backup_server: + - name: backup + backup_user: back + priv_key_src: root/.ssh/id_rsa.backup.oopen.de + priv_key_dest: /root/.ssh/id_rsa + pub_key_src: root/.ssh/id_rsa.backup.oopen.de.pub + pub_key_dest: /root/.ssh/id_rsa.pub + +insert_keypair_backup_client: true +ssh_keypair_backup_client: + - name: backup + priv_key_src: root/.ssh/id_ed25519.oopen-server + priv_key_dest: /root/.ssh/id_ed25519 + pub_key_src: root/.ssh/id_ed25519.oopen-server.pub + pub_key_dest: /root/.ssh/id_ed25519.pub + target: backup.oopen.de + + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- +# +# see: roles/common/tasks/vars + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + +install_bind_packages: true + + +bind9_gateway_acl: + - local-net: + name: local-net + entries: + - 127.0.0.0/8 + - 172.16.0.0/12 + - 192.168.0.0/16 + - 10.0.0.0/8 + - fc00::/7 + - fe80::/10 + - ::1/128 + +bind9_gateway_listen_on_v6: + - none + +bind9_gateway_listen_on: + - any + +#bind9_gateway_allow_transfer: {} + +bind9_transfer_source: !!str "192.168.112.1" +bind9_notify_source: !!str "192.168.112.1" + +#bind9_gateway_allow_query: {} 
+bind9_gateway_allow_query: + - local-net + +#bind9_gateway_allow_query_cache: {} +bind9_gateway_allow_query_cache: + - local-net + +bind9_gateway_recursion: !!str "yes" +#bind9_gateway_allow_recursion: {} +bind9_gateway_allow_recursion: + - local-net + +# --- +# vars used by roles/common/tasks/git.yml +# --- + +git_firewall_repository: + name: ipt-gateway + repo: https://git.oopen.de/firewall/ipt-gateway + dest: /usr/local/src/ipt-gateway + +# ============================== + + +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + +root_user: + name: root + password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq. + diff --git a/host_vars/gw-opp.oopen.de.yml b/host_vars/gw-opp.oopen.de.yml index 0de533f..6c6876c 100644 --- a/host_vars/gw-opp.oopen.de.yml +++ b/host_vars/gw-opp.oopen.de.yml 
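Review bot: The new host file commits password hashes for `chris`, `sysadm`, `localadmin` and `back` (`password: $y$j9T$…` under `default_user`) and for `root` (`password: $6$…` under `root_user`), so everyone with read access to this repository holds offline-crackable credentials for the gateway. Move these values into ansible-vault — inline `!vault |` scalars or a vaulted vars file referenced from here — so no further hash lands in git, and treat the hashes already in this commit as exposed (they stay in history even after the switch). Minor: the `enp0s20f1:wlan` interface still carries `headline: enp0s20f1:ns - Alias on enp0s20f1 (WLAN)`, and `job: bin/monitoring/check_systemd_resolved.sh` is the only relative path in `cron_user_entries`.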
@@ -160,6 +160,49 @@ resolved_fallback_nameserver: # vars used by roles/common/tasks/cron.yml # --- +cron_user_entries: + + - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" + minute: '0-59/3' + hour: '*' + job: /root/bin/monitoring/check_forwarding.sh + + - name: "Check if nameservice (bind) is running?" + minute: '*/23' + hour: '*' + job: /root/bin/monitoring/check_dns.sh + + - name: "Check if Resolver (systemd-resolved) is up and running?" + minute: '*/23' + hour: '*' + job: bin/monitoring/check_systemd_resolved.sh + + - name: "Check if Postfix Mailservice is up and running?" + minute: '*/17' + hour: '*' + job: /root/bin/monitoring/check_postfix.sh + + - name: "Check if SSH service is up and running?" + minute: '*/13' + hour: '*' + job: /root/bin/monitoring/check_ssh.sh + + - name: "Check if OpenVPN service is up and running?" + minute: '*/29' + hour: '*' + job: /root/bin/monitoring/check_vpn.sh + + - name: "Copy gateway configuration" + minute: '09' + hour: '3' + job: /root/bin/manage-gw-config/copy_gateway-config.sh OPP + + - name: "Speedtest" + minute: 13 + hour: 0-8 + job: /root/bin/admin-stuff/speedtest.sh + + cron_user_special_time_entries: - name: "Restart NTP service 'ntpsec'" diff --git a/host_vars/gw-spr.oopen.de.yml b/host_vars/gw-spr.oopen.de.yml index 914f00c..07ca5f5 100644 --- a/host_vars/gw-spr.oopen.de.yml +++ b/host_vars/gw-spr.oopen.de.yml 
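Review bot: The `Speedtest` entry writes `minute: 13` and `hour: 0-8` as plain scalars while every other entry in the list quotes its fields (`minute: '09'`, `hour: '3'`); `13` is parsed as an integer and `0-8` as a string, which the cron module tolerates, but mixing the two styles invites the classic YAML trap when someone later copies the pattern with a value like `09`. Quote them like the siblings: `minute: '13'` and `hour: '0-8'`. While at it, `job: bin/monitoring/check_systemd_resolved.sh` should be `job: /root/bin/monitoring/check_systemd_resolved.sh` to match the other absolute paths.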
@@ -115,6 +115,48 @@ resolved_fallback_nameserver: # vars used by roles/common/tasks/cron.yml # --- +cron_user_entries: + + - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" + minute: '0-59/3' + hour: '*' + job: /root/bin/monitoring/check_forwarding.sh + + - name: "Check if nameservice (bind) is running?" + minute: '*/23' + hour: '*' + job: /root/bin/monitoring/check_dns.sh + + - name: "Check if Resolver (systemd-resolved) is up and running?" + minute: '*/23' + hour: '*' + job: bin/monitoring/check_systemd_resolved.sh + + - name: "Check if Postfix Mailservice is up and running?" + minute: '*/17' + hour: '*' + job: /root/bin/monitoring/check_postfix.sh + + - name: "Check if SSH service is up and running?" + minute: '*/13' + hour: '*' + job: /root/bin/monitoring/check_ssh.sh + + - name: "Check if OpenVPN service is up and running?" + minute: '*/29' + hour: '*' + job: /root/bin/monitoring/check_vpn.sh + + - name: "Copy gateway configuration" + minute: '09' + hour: '3' + job: /root/bin/manage-gw-config/copy_gateway-config.sh SPR-BE + + - name: "Speedtest" + minute: 13 + hour: 0-8 + job: /root/bin/admin-stuff/speedtest.sh + cron_user_special_time_entries: - name: "Restart NTP service 'ntpsec'" diff --git a/host_vars/zapata.opp.netz.yml b/host_vars/zapata.opp.netz.yml index d9d8b07..6133993 100644 --- a/host_vars/zapata.opp.netz.yml +++ b/host_vars/zapata.opp.netz.yml @@ -259,7 +259,7 @@ samba_user: groups: - buero - beratung - password: '6/shd9c2.cHE' + password: 'b1rg1t#adb' # passwort unbekannt - name: chris diff --git a/roles/modify-ipt-gateway/tasks/main.yml b/roles/modify-ipt-gateway/tasks/main.yml index 27c8442..ed2f03f 100644 --- a/roles/modify-ipt-gateway/tasks/main.yml +++ b/roles/modify-ipt-gateway/tasks/main.yml 
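Review bot: `job: bin/monitoring/check_systemd_resolved.sh` in the new systemd-resolved check is the only job not given as an absolute path; it relies on cron starting root's jobs in /root and will fail quietly if that does not hold. Change it to `job: /root/bin/monitoring/check_systemd_resolved.sh` so it behaves like the other monitoring entries.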
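Review bot: The Samba user's password is stored in plaintext in this host file, and the change replaces one committed plaintext password with another (`password: 'b1rg1t#adb'`) whose trailing comment, "passwort unbekannt", says the real password is not actually known — so this is either a guess that will be pushed to the share on the next run (depending on how the samba role applies it) or a placeholder that should never have been a credential. A Samba password, whatever its value, belongs in ansible-vault, e.g. `password: "{{ vault_samba_password_<user> }}"` resolved from a vaulted file, and a value that looks like a first name plus a short suffix is not one to keep once the correct one is established. Replace the German aside with an explicit, English TODO (`# TODO: real password unknown — confirm with the user before applying`) so the uncertainty is visible to the next person.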
@@ -60,46 +60,16 @@ notify: - Restart IPv6 Firewall -- name: addjust line 'jitsi_udp_ports' (IPv4) +- name: addjust line 'dynaddr_flag' (IPv4) lineinfile: path: /etc/ipt-firewall/main_ipv4.conf - regexp: '^jitsi_udp_ports=' - line: 'jitsi_udp_ports="$standard_jitsi_udp_ports"' + regexp: '^dynaddr_flag=' + line: 'dynaddr_flag="$default_dynaddr_flag"' when: - main_ipv4_exists.stat.exists notify: - Restart IPv4 Firewall -- name: addjust line 'jitsi_udp_ports' (IPv6) - lineinfile: - path: /etc/ipt-firewall/main_ipv6.conf - regexp: '^jitsi_udp_ports=' - line: 'jitsi_udp_ports="$standard_jitsi_udp_ports"' - when: - - main_ipv6_exists.stat.exists - notify: - - Restart IPv6 Firewall - -- name: addjust line 'bigbluebutton_udp_ports' (IPv4) - lineinfile: - path: /etc/ipt-firewall/main_ipv4.conf - regexp: '^bigbluebutton_udp_ports=' - line: 'bigbluebutton_udp_ports="$standard_bigbluebutton_udp_ports"' - when: - - main_ipv4_exists.stat.exists - notify: - - Restart IPv4 Firewall - -- name: addjust line 'bigbluebutton_udp_ports' (IPv6) - lineinfile: - path: /etc/ipt-firewall/main_ipv6.conf - regexp: '^bigbluebutton_udp_ports=' - line: 'bigbluebutton_udp_ports="$standard_bigbluebutton_udp_ports"' - when: - - main_ipv6_exists.stat.exists - notify: - - Restart IPv6 Firewall - - name: addjust line 'adjust_kernel_parameters' (IPv6) lineinfile: path: /etc/ipt-firewall/main_ipv6.conf @@ -120,7 +90,6 @@ notify: - Restart IPv6 Firewall - - name: addjust line 'blocked_ips' (IPv4) lineinfile: path: /etc/ipt-firewall/main_ipv4.conf 
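Review bot: The renamed task now forces `dynaddr_flag="$default_dynaddr_flag"` only in `/etc/ipt-firewall/main_ipv4.conf`; the jitsi and bigbluebutton tasks it replaces each had an IPv6 twin, and nothing in this hunk touches `main_ipv6.conf`, so if that file also carries `dynaddr_flag` the two configs will drift after the role runs. Also, `regexp: '^dynaddr_flag='` does not match a commented-out `#dynaddr_flag=` line (the `grep` checks later in this file deliberately use `^#?`), in which case lineinfile appends a second, active definition at the end of the file rather than replacing the commented one — likely fine for a sourced shell config, but worth a comment on the task. If IPv6 is in scope, add the mirrored task with `path: /etc/ipt-firewall/main_ipv6.conf`, `when: main_ipv6_exists.stat.exists` and `notify: Restart IPv6 Firewall`.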
@@ -138,65 +107,83 @@ # --- -# Add additional SMTP ports OUT +# Add MS SQL Datenbank Services # --- -- name: Check if String 'allow_ipmi_request_in..' (IPv4) is present - shell: grep -q -E "^#?allow_ipmi_request_in=" /etc/ipt-firewall/main_ipv4.conf - register: allow_ipmi_request_in_ipv4_present +- name: Check if String 'ms_sql_server_local_ips..' (IPv4) is present + shell: grep -q -E "^#?ms_sql_server_local_ips=" /etc/ipt-firewall/main_ipv4.conf + register: ms_sql_server_local_ips_ipv4_present when: main_ipv4_exists.stat.exists - failed_when: "allow_ipmi_request_in_ipv4_present.rc > 1" - changed_when: "allow_ipmi_request_in_ipv4_present.rc > 0" + failed_when: "ms_sql_server_local_ips_ipv4_present.rc > 1" + changed_when: "ms_sql_server_local_ips_ipv4_present.rc > 0" -- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (allow_ipmi_request_in) +- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (ms_sql_server_local_ips) blockinfile: path: /etc/ipt-firewall/main_ipv4.conf - insertafter: '^#?\s*ipmi_tcp_ports=' + insertafter: '^#?\s*declare -A samba_server_dmz_arr' block: | - # - Allow Access to IPMI Interfaces from outside + + # ====== + # - MS SQL Datenbank Services + # ====== + + # - MS SQL Datenbank Services # - - # - Note: - # - In addition, ports + # - Standardports: # - - # - TCP :443, 3520, 5900 - # - UDP: 623 + # - Microsoft SQL Server: 1433/tcp (ms-sql-s) + # - Microsoft SQL Monitor: 1434/udp (ms-sql-m) # - - # - must be forwarded to the IP address of the IPMI network interface in the router (e.g., Fritzbox). 
+ ms_sql_s_tcp_ports="${standard_ms_sql_s_port}" + ms_sql_m_udp_ports="${standard_ms_sql_m_port}" + + # - Micrisoft SQL Services local networks # - - allow_ipmi_request_in=false - marker: "# Marker set by modify-ipt-gateway.yml (allow_ipmi_request_in)" + # - 192.168.10.18 + # - + ms_sql_server_local_ips="" + marker: "# Marker set by modify-ipt-gateway.yml (ms_sql_server_local_ips)" when: - main_ipv4_exists.stat.exists - - allow_ipmi_request_in_ipv4_present is changed + - ms_sql_server_local_ips_ipv4_present is changed -- name: Check if String 'allow_ipmi_request_in..' (IPv6) is present - shell: grep -q -E "^#?allow_ipmi_request_in=" /etc/ipt-firewall/main_ipv6.conf - register: allow_ipmi_request_in_ipv6_present +- name: Check if String 'ms_sql_server_local_ips..' (IPv6) is present + shell: grep -q -E "^#?ms_sql_server_local_ips=" /etc/ipt-firewall/main_ipv6.conf + register: ms_sql_server_local_ips_ipv6_present when: main_ipv6_exists.stat.exists - failed_when: "allow_ipmi_request_in_ipv6_present.rc > 1" - changed_when: "allow_ipmi_request_in_ipv6_present.rc > 0" + failed_when: "ms_sql_server_local_ips_ipv6_present.rc > 1" + changed_when: "ms_sql_server_local_ips_ipv6_present.rc > 0" -- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (allow_ipmi_request_in) +- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (ms_sql_server_local_ips) blockinfile: path: /etc/ipt-firewall/main_ipv6.conf - insertafter: '^#?\s*ipmi_tcp_ports=' + insertafter: '^#?\s*declare -A samba_server_dmz_arr' block: | - # - Allow Access to IPMI Interfaces from outside + + # ====== + # - MS SQL Datenbank Services + # ====== + + # - MS SQL Datenbank Services # - - # - Note: - # - In addition, ports + # - Standardports: # - - # - TCP :443, 3520, 5900 - # - UDP: 623 + # - Microsoft SQL Server: 1433/tcp (ms-sql-s) + # - Microsoft SQL Monitor: 1434/udp (ms-sql-m) # - - # - must be forwarded to the IP address of the IPMI network interface in the router (e.g., Fritzbox). 
+ ms_sql_s_tcp_ports="${standard_ms_sql_s_port}" + ms_sql_m_udp_ports="${standard_ms_sql_m_port}" + + # - Micrisoft SQL Services local networks # - - allow_ipmi_request_in=false - marker: "# Marker set by modify-ipt-gateway.yml (allow_ipmi_request_in)" + # - 192.168.10.18 + # - + ms_sql_server_local_ips="" + marker: "# Marker set by modify-ipt-gateway.yml (ms_sql_server_local_ips)" when: - main_ipv6_exists.stat.exists - - allow_ipmi_request_in_ipv6_present is changed + - ms_sql_server_local_ips_ipv6_present is changed # ---
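Review bot: The block written into `main_ipv6.conf` is a verbatim copy of the IPv4 one, including the IPv4-only example `# - 192.168.10.18` beneath `ms_sql_server_local_ips`, and neither block says what listing an address there does — whether it opens 1433/tcp and 1434/udp from the WAN toward that host or only allows reaching it from the LAN/DMZ. Because the file is a sourced shell config that administrators edit by hand, this comment is the only guard against someone exposing SQL Server to the internet by accident; state the direction explicitly once confirmed against the firewall script, e.g. `# - Local MS SQL servers reachable on the ports above (from LAN only / from WAN); empty = no rule`, and put an IPv6 address in the v6 example. Also, `Micrisoft` in `# - Micrisoft SQL Services local networks` is misspelled in both blocks and is copied verbatim into the generated config.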